How to restrict access to web xml files(2 methods)

Sometimes you need to use xml files to save some website data, which is not public and cannot be accessed by users; we know that the URL of the xml file can be accessed directly in the browser. How can we restrict user access? Perhaps the first thing you think about is to restrict user access though permissions. This is also a method, but you need to set up permissions every time you change the server, which is a bit troublesome and not safe enough. If you forget to restrict the access of public users after a server change, it is possible to leak data; this kind of possibility is very large, and there are too many items to operate each time the server is changed. The brain is easily concentrated and fatigued, something is missing. In addition to restricting permissions, there is also a method one finished, all is finished, see the summary below for details.

How to restrict access to web xml files

1. Permission restrictions

Generally speaking, each website will set up an anonymous user, as long as the undisclosed xml files are not assigned any permissions for this anonymous user, when the user accesses the restricted access xml files in the browser, a login dialog box will pop up. That is, the access of public users is restricted.

The method of setting permissions is very simple. I believe those who are engaged in website work will do, briefly talk about the steps:

Right-click the xml file that restricts user access → Properties → "Security" tab. The following operations are divided into two situations:

1. If it is a Windows Server 2003 system, select users who are allowed to access the website anonymously, and do not assign any permissions, including read permissions, and just confirm.

2. If it is a Windows Server 2008 or higher system, click "Add", in the pop-up dialog box, select the users who are allowed to access the website anonymously, do not assign any permissions, just OK.

2. The website's own restrictions(code restrictions)

If there is only one xml file that restricts user access, as long as there is this file in the request path, the restriction is fine; if there are multiple xml files that restrict user access, you can put them in a folder, as long as the request path contains this Folder name, just limit. The approximate code is as follows(take C# as an example):

private void ForbidXml()
       {
              string url = HttpContext.Current.Request.CurrentExecutionFilePath.Trim().ToLower();
              if (url.IndexOf("/Restrict access to the xml file or the folder where the xml files are located") != -1)
              {
                     return;
              }
       }

As long as the above method is called in the Application_Start method in the Global file, public users can be prohibited from accessing the requested xml files.